Contents

Introduction

The Java Virtual Machine provides the SSL cipher suites that Jetty uses. See JSSE Provider documentation for more information on the available cipher suites.

Steps

Enabling Cipher Suites

If a cipher suite that you require is not enabled by default, Jetty provides a mechanism that lets you enable the cipher suite for a specific SSL connector during Jetty startup. Be aware that you must specify cipher suites in preference order.

Here's an example of how to configure the SslSocketConnector with included cipher suites:

Disabling Chipher Suites

If a vulnerability is discovered in a cipher, or if it is considered too weak to use, you can exclude it during Jetty startup. You need to make the following changes to the jetty.xml configuration file. Jetty performs the exclude operation after the include operation. Therefore, If a cipher suite is both included and excluded as part of the same configuration, it is disabled.